1 | John,
|
---|
2 |
|
---|
3 | I have been an extremely satisfied ADODB user for several years now.
|
---|
4 |
|
---|
5 | To give you something back for all your hard work, I've spent the last 3
|
---|
6 | days rewriting the adodb-session.php code.
|
---|
7 |
|
---|
8 | ----------
|
---|
9 | What's New
|
---|
10 | ----------
|
---|
11 |
|
---|
12 | Here's a list of the new code's benefits:
|
---|
13 |
|
---|
14 | * Combines the functionality of the three files:
|
---|
15 |
|
---|
16 | adodb-session.php
|
---|
17 | adodb-session-clob.php
|
---|
18 | adodb-cryptsession.php
|
---|
19 |
|
---|
20 | each with very similar functionality, into a single file adodb-session.php.
|
---|
21 | This will ease maintenance and support issues.
|
---|
22 |
|
---|
23 | * Supports multiple encryption and compression schemes.
|
---|
24 | Currently, we support:
|
---|
25 |
|
---|
26 | MD5Crypt (crypt.inc.php)
|
---|
27 | MCrypt
|
---|
28 | Secure (Horde's emulation of MCrypt, if MCrypt module is not available.)
|
---|
29 | GZip
|
---|
30 | BZip2
|
---|
31 |
|
---|
32 | These can be stacked, so if you want to compress and then encrypt your
|
---|
33 | session data, it's easy.
|
---|
34 | Also, the built-in MCrypt functions will be *much* faster, and more secure,
|
---|
35 | than the MD5Crypt code.
|
---|
36 |
|
---|
37 | * adodb-session.php contains a single class ADODB_Session that encapsulates
|
---|
38 | all functionality.
|
---|
39 | This eliminates the use of global vars and defines (though they are
|
---|
40 | supported for backwards compatibility).
|
---|
41 |
|
---|
42 | * All user defined parameters are now static functions in the ADODB_Session
|
---|
43 | class.
|
---|
44 |
|
---|
45 | New parameters include:
|
---|
46 |
|
---|
47 | * encryptionKey(): Define the encryption key used to encrypt the session.
|
---|
48 | Originally, it was a hard coded string.
|
---|
49 |
|
---|
50 | * persist(): Define if the database will be opened in persistent mode.
|
---|
51 | Originally, the user had to call adodb_sess_open().
|
---|
52 |
|
---|
53 | * dataFieldName(): Define the field name used to store the session data, as
|
---|
54 | 'DATA' appears to be a reserved word in the following cases:
|
---|
55 | ANSI SQL
|
---|
56 | IBM DB2
|
---|
57 | MS SQL Server
|
---|
58 | Postgres
|
---|
59 | SAP
|
---|
60 |
|
---|
61 | * filter(): Used to support multiple, simulataneous encryption/compression
|
---|
62 | schemes.
|
---|
63 |
|
---|
64 | * Debug support is improved thru _rsdump() function, which is called after
|
---|
65 | every database call.
|
---|
66 |
|
---|
67 | ------------
|
---|
68 | What's Fixed
|
---|
69 | ------------
|
---|
70 |
|
---|
71 | The new code includes several bug fixes and enhancements:
|
---|
72 |
|
---|
73 | * sesskey is compared in BINARY mode for MySQL, to avoid problems with
|
---|
74 | session keys that differ only by case.
|
---|
75 | Of course, the user should define the sesskey field as BINARY, to
|
---|
76 | correctly fix this problem, otherwise performance will suffer.
|
---|
77 |
|
---|
78 | * In ADODB_Session::gc(), if $expire_notify is true, the multiple DELETES in
|
---|
79 | the original code have been optimized to a single DELETE.
|
---|
80 |
|
---|
81 | * In ADODB_Session::destroy(), since "SELECT expireref, sesskey FROM $table
|
---|
82 | WHERE sesskey = $qkey" will only return a single value, we don't loop on the
|
---|
83 | result, we simply process the row, if any.
|
---|
84 |
|
---|
85 | * We close $rs after every use.
|
---|
86 |
|
---|
87 | ---------------
|
---|
88 | What's the Same
|
---|
89 | ---------------
|
---|
90 |
|
---|
91 | I know backwards compatibility is *very* important to you. Therefore, the
|
---|
92 | new code is 100% backwards compatible.
|
---|
93 |
|
---|
94 | If you like my code, but don't "trust" it's backwards compatible, maybe we
|
---|
95 | offer it as beta code, in a new directory for a release or two?
|
---|
96 |
|
---|
97 | ------------
|
---|
98 | What's To Do
|
---|
99 | ------------
|
---|
100 |
|
---|
101 | I've vascillated over whether to use a single function to get/set
|
---|
102 | parameters:
|
---|
103 |
|
---|
104 | $user = ADODB_Session::user(); // get
|
---|
105 | ADODB_Session::user($user); // set
|
---|
106 |
|
---|
107 | or to use separate functions (which is the PEAR/Java way):
|
---|
108 |
|
---|
109 | $user = ADODB_Session::getUser();
|
---|
110 | ADODB_Session::setUser($user);
|
---|
111 |
|
---|
112 | I've chosen the former as it's makes for a simpler API, and reduces the
|
---|
113 | amount of code, but I'd be happy to change it to the latter.
|
---|
114 |
|
---|
115 | Also, do you think the class should be a singleton class, versus a static
|
---|
116 | class?
|
---|
117 |
|
---|
118 | Let me know if you find this code useful, and will be including it in the
|
---|
119 | next release of ADODB.
|
---|
120 |
|
---|
121 | If so, I will modify the current documentation to detail the new
|
---|
122 | functionality. To that end, what file(s) contain the documentation? Please
|
---|
123 | send them to me if they are not publically available.
|
---|
124 |
|
---|
125 | Also, if there is *anything* in the code that you like to see changed, let
|
---|
126 | me know.
|
---|
127 |
|
---|
128 | Thanks,
|
---|
129 |
|
---|
130 | Ross
|
---|
131 |
|
---|